I sometimes like to check spam just to see how the messages look like, and I found someone who actually put an American phone number (1-XXX-XXX-XXXX). Most of these spammers are either trying to get money out of you, or hack you in ways like disguising as services like Google+.

Not that I actually want to, but I am curious if calling the number would do something to my phone. How could a hacker possibly access sensitive information just by tricking someone into calling. I have heard (no idea where), that some numbers when called, will charge you an enormous bill. Could this be true?

" I have heard (no idea where), that some numbers when called, will charge you an enormous bill". In Italy all numbers starting with 899 are of this kind... so be warned if you ever come to visit Italy to not call any such number if you find an advertising of something you are interested in.
– BakuriuFeb 7 '16 at 21:48

40

A side-effect if the phone number is in your country is being added to a "sucker list" that gets resold among the boiler rooms, something quite common for elderly who respond to various con schemes. Respond to one call, get hit with a permanent barrage to the point that your phone number needs to be changed.
– Fiasco LabsFeb 7 '16 at 22:20

4

We should never give information to spammer, if you call them, they will have your phone number. I would suggest you find a pay phone a call from there if you are curious.
– the_lotusFeb 8 '16 at 13:14

3

Returning their call is confirming your phone number. If you have the ability to block that number or add it to your auto-reject list, you should do that. Edit: If you're unsure, Google the number first. There's some good forums out there regarding these numbers that call you.
– NotJayFeb 8 '16 at 17:41

2

I'm not sure if it makes sense to consider any number really domestic versus overseas anymore (aside from billing purposes). Long gone are the days when the area code and/or exchange give you any idea at all of where on the Earth the person or computer on the other end of the call is physically located.
– Todd WilcoxFeb 8 '16 at 17:45

6 Answers
6

Can you get "hacked" by calling a number?

I am curious if calling the number would do something to my phone. How could a hacker possibly access sensitive information just by tricking someone into calling.

It could be a hack, or it could be a prelude to a hack. Here are some rough examples:

If you call them, the spammer can find out if that phone number is owned by an actual person. The spammer can also easily fake the same area code as you, and set up a clever social engineering trick that may involve you thinking with the wrong head.

If you're dumb enough to call them, you may be gullible enough to fork over additional information. If you're dumb enough, they may call you from other numbers, or forward you to another number.

There may also be an exploit in your phone's processing of various messages/content types. While they could easily target all phones at once by using some form of auto-messaging feature, this may be easily stopped by carriers.

Learning more about you allows an attacker to guess secret answers, passwords, etc. If you're the gullible type, chances are you don't have a good password policy, or you could be tricked into visiting a malicious website, or both.

But why not just send infected videos or pictures to everyone?

Let's assume the spammer has developed, or found, a program that helps with automatically dialing phone numbers.

If they're sending an infected video or picture to multiple recipients, they may quickly run out of data. It's far cheaper and easier to target people individually, especially those gullible enough to call the number.

In fact, if they target everyone, then that also increases the chance of their scam becoming well-known. By limiting their attacks only to the gullible, they've found a very good way to limit detection and knowledge of their particular scam.

The reason why they'd want to limit knowledge is that many folks may be searching for a particular scam, not exactly their specific scam. This is a problem with many gullible people: they can't really think outside the box, and not realize it's the same type of scam, but with different features.

Your information helps scammers engage in Social Engineering tactics

Have you ever tried to contact customer service for anything important, such as banks, online game accounts, websites, etc? Usually, they need specific information from you, or someone pretending to be you, in order to handle your request.

In fact, just recently, I was able to social-engineer a customer service representative for an account of mine by providing details on things I knew about me, without actually providing any real concrete details, or even providing my identity. All I needed was a few bits of information about myself.

Social Engineering is a tactic used everywhere, and often results in astounding success because people in general are ill-equipped to handle it. If a spammer has your phone number, then it may be possible for them to get other information. Maybe your phone number is tied to different accounts.

Maybe they have a partial database of credentials stolen from various websites, which could include more information on you. Maybe that database includes information on your email address, which will allow the scammer to continue their campaign of phishing without you realizing it.

Can calling spam numbers cost me money?

I have heard (no idea where), that some numbers when called, will charge you an enormous bill. Could this be true?

Yes, this is possible.

If you're calling a premium-rate telephone number, then that could cost you a lot of money when you call them. If you text a number associated with a "donation", whether it's legitimate or a scam, your phone bill will likely include additional charges.

What if the call is done with the number hidden?
– JimFeb 8 '16 at 15:57

2

"...they may quickly run out of data." Scammers running that sort of operation are not likely to be on a limited-data plan, but more likely sending from a server somewhere.
– WBTFeb 8 '16 at 17:34

2

@WBT I partially agree with you, that's why I added "may." However, many scammers are using burner phones from Walmart/etc. They aren't necessarily outside of the country.
– Mark BuffaloFeb 8 '16 at 17:38

5

Lol at social engineering involving wrong head.... thanks for that, I now have to wipe coffee from my screen again!
– NamphibianFeb 8 '16 at 21:02

6

Working for a telecoms company who specialise in automated diallers, I can tell you it's very easy to spoof caller ID and redirect inbound calls to premium rate numbers that play an automated message that sounds like the phone is still ringing. You can think you're waiting for a local call to connect, but in reality you're being charged for listening to a recording. While it is interesting to see what scammers are up to, you're best leaving this one well alone. Edit: it's not that easy to spoof CID, it's still possible.
– leylandskiFeb 9 '16 at 9:56

All numbers of the form 1-XXX-XXX-XXXX are American, in the sense of the Americas, but they won't all be domestic calls. Until you check the area code, all you know is that they're part of the North American Numbering Plan, which covers 20 different countries. So right off the bat, you might be making an international call, which could be expensive for you.

Like Mark said, you also need to check if it's a premium number. You might know how to identify a premium number from your country, but you probably don't know how to identify a premium number from another NANP country.

Among other articles available online, the US FTC has an interesting article on "the growing 'one-ring' cell phone scam:"

Here’s how it works: Scammers are using auto-dialers to call cell phone numbers across the country. Scammers let the phone ring once — just enough for a missed call message to pop up.

The scammers hope you’ll call back, either because you believe a legitimate call was cut off, or you will be curious about who called. If you do, chances are you’ll hear something like, “Hello. You’ve reached the operator, please hold.” All the while, you’re getting slammed with some hefty charges — a per-minute charge on top of an international rate. The calls are from phone numbers with three-digit area codes that look like they’re from inside the U.S., but actually are associated with international phone numbers — often in the Caribbean. The area codes include: 268, 284, 473, 664, 649, 767, 809, 829, 849 and 876.

If you get a call like this, don’t pick it up and don’t call the number back. There’s no danger in getting the call: the danger is in calling back and racking up a whopping bill.

Although in practice the danger is probably not that large, in short, the answer to your question is potentially yes; and more likely yes if you know they're spammers than if you don't know who they are.

You could also be giving away other personal information in terms of location/call trace information, voiceprint, environmental sound data (which could also carry location or other information about you), or the signal that you're a valid human with current psychological attributes that lead you to call back an unknown missed number (which may correlate with the psychological attributes that make you receptive to future scams that operate over the phone). As a final note, it could increase your exposure to getting caught up in a government surveillance dragnet as a result of you placing a direct call to a number that may be (or if not, perhaps should be) under investigation.

There is another option. They can list someone else's number in the spam, and the real attack is to that person they hate. I don't think this is common, as people calling a spam number should be already rare. But it is possible.

Alternatively they can sell your number and it might be used for other spams. But probably not very cost-effective.

In your example, they are DDOSing a victim. They could also give you the private line to the chief of police, local mafia captain, etc in the hope that you will bother him/her enough to find and punish you.
– emoryFeb 8 '16 at 18:45

About a year ago, I got a phone call from myself (my phone was ringing and the callers number was my own number). My initial worry about a ghost in the machine soon turned to euphoria when I realized that it could be from myself in the future and thereby time travel was possible...ok not really, what happened is that it just seemed weird and for that reason I just let it ring. They didn't leave a VM however, and calling back to my own number was just plain impossible, so maybe it was a form of spam where they expected me to answer.
– x457812Feb 8 '16 at 19:24

I was attacked once when someone claimed they had the crack of a new game, and listed my email address in a public forum. I assume making a spam email for this purpose looks like a spam is pretty ineffective compared to that.
– user23013Feb 8 '16 at 20:27

@x457812 I also recently had some calls where the caller ID showed my own name and the very number that was being called. I couldn't figure out what their game was, but their behavior itself indicated they were up to no good.
– Monty HarderFeb 8 '16 at 20:44

3

@x457812 Your future self was calling to tell you to short LinkedIn Corp (NYSE: LNKD) and you just lost a cool million dollars.
– Spehro PefhanyFeb 9 '16 at 3:01

Just to extrapolate on that, working in the VoIP telephony industry, if you call back a number that you don't recognise, say for example that it is a spam caller, you are effectively confirming to the dialler/company/data provider that the line is a "live lead".

In the UK it's frowned upon and in a certain sense it's illegal. Forgive me in advance for any UK terms. Someone also mentioned (@Jim I believe), what if the call is made back to the originator with the number withheld/caller ID anonymised. In certain select circumstances, for example if the call is made via a SIP network, withholding your number may make little difference.

In a SIP sense, while your Caller ID will be set to anonymous (From: sip:anonymous), there is nothing stopping your telco from setting your real Calling Line Identifier in a P-Asserted Identity header or a Remote-Party Identity header, therefore the end party can decode this information and reveal your line identifier. Of course this is a very select scenario but not impossible, knowing how many companies are now utilising SIP/VoIP services instead of traditional PSTN/POTS/ISDN lines.

As much as I'd appreciate you'd want to call them back and give them a piece of your mind, I would advise against it and just either ignore it or add it to your devices Blocked/DNC List. In the UK, you can register with the Telephone Preference Service to reduce unsolicited sales/marketing calls. In the US, I believe you have the National Do Not Call Registry. Once registered, I believe that it then becomes illegal/a felony to call the number without explicit consent.

There are a multitude of reasons not to call them back as they could extort information out of you, you could call back a number that is a premium rate number, to name a couple. Better safe than sorry.

I got a missed call to my idea cell Number so many times from (+387644006776), by looking it to several times, even not responded (or) not lifted the call, -one day i got the same ringup call from this unknown number, i was at a distance leaving the mobile on my office desk, when i have taken up the cell & could n't able to lift the call, By curiosity i had called back to this number from my idea cellular mobile number for only 2 seconds,& astonishingly found that my balance has been drained out, & that has been charged me to Rs.60=00 at once, So i have learned a lesson that not to lift the unknown spammers calls & also not even try to dial to these type of spammers / Hackers Numbers, this is really a spam call, so be careful enough to respond to these type of Numbers (+387644006776 !!! spammer Number)

@TreyBlalock technically, it does answer the title question, because the danger is that you might make a long distance call or another type of charged call. Granted, this isn't a very helpful answer because one can check if they are going to get charged ....
– schroeder♦Apr 8 '17 at 20:52

Thank you for your interest in this question.
Because it has attracted low-quality or spam answers that had to be removed, posting an answer now requires 10 reputation on this site (the association bonus does not count).